Tell HN: Using Gmail? You will be force logged into Chrome
So, it turns out Chrome 69 is a lot more than just redesign of the tabs and removal of the www from the url.
I'm using the Mac version of Chrome (Version 69.0.3497.81 (Official Build) (64-bit) to be pedantic).
Up until two days ago, logging into gmail and logging into chrome were two different things, as they obviously are (one is a web service the other is a web browser, to be pedantic again)
I would usually be logged into gmail in the browser, but would only log into Chrome on special occasions and/or with specific accounts.
As of today, if I hit www.gmail.com and log in, I'm automatically logged into Chrome. If I log out of Chrome, I'm also logged out of gmail.
This can't be a bug... can it?
322 comments
[ 0.24 ms ] story [ 249 ms ] threadNo,it isn't a bug. It has always been that on android,using chrome browser or the youtube app meant that whatever google account was used in play store is also used to log you into google both on on chrome,yt,maps,etc...
They just brought that feature to desktop,I suppose now you'll be logged into whatever google account last used?
This includes payment info you inputted on the play store or anywhere else.
What exactly is your concern,I can't imagine you'd expect boundaries and privacy to be a thing google would respect with any of their products. They say "don't be evil" but they're pretty wishy-washy and flexible as to what they consider evil. I'd equate complaining about privacy and boundaries with google and fb to complaining about the rude staff and unpleasant patrons in prison.
[0] https://www.expressvpn.com/blog/best-browsers-for-privacy/
> Security: Google has always been known as a leader for browser security, and for good reason... All said, Google’s leading position in browser security is undisputed. 5/5
That is setting up a system-global login, and having apps use it. That is very different, nearly opposite, from logging into a web page and having that intercepted and turned into a more global login.
https://blog.mozilla.org/firefox/facebook-container-extensio...
I'm not saying that you're entirely wrong, because I've used that rationalization for keeping Facebook in the past.
What I do instead is just maintain an address book of everyone I know and send them an update on my life every once in a great while. It's much more fulfilling.
I'm already the black sheep of my family, I'm not going to make it worse because strangers on the internet told me to.
(I do take some precautions, like only using Facebook in a private window, and certainly never on my phone.)
I'll turn that hypothetical question you posed around and ask how saying that email isn't sufficient for keeping in touch is any different from saying "Who needs greeting cards? Just let Facebook tell you to post on someone's timeline when it's a birthday or holiday."
I'm not denying that Facebook has some utility, but it's changed our definition of keeping in touch to value mass quantity over quality. If one values quality communication, Facebook is completely unnecessary and can be replaced with email which is an existing, standardized, ubiquitous, and sufficient means of keeping in contact with people. Your family would be statistical outliers if almost all of them didn't have an email you could send to.
In conjunction with "your life depends on facebook?", I'm simply saying that while one can use Facebook, there is such a thing as a viable alternative with its own advantages. It's controversial, I know.
The non-profit I volunteer with organizes everything over FB. The union I work under announces almost everything over FB. I literally never look at my FB "feed" but I've got 5 private groups that I check every day. If I stopped using FB, I'd be completely out of the loop with almost everything I do.
I suspect that's how a lot of the world operates. FB is free and easy and reliable and everybody already has an account. It lets people post text and photos and comments, and tag other people, and report when they've seen something. That's everything we used to use email for (and a bit more), but more convenient.
I got my first cell phone a couple months ago. It's a lot easier for me to live without a cell phone than to live without FB. No cell phone means I have to wait a couple hours to read my messages. No FB would mean I wouldn't get organization news at all.
Even for people who hate FB on principle, they've never suggested an alternative that meets our needs better today. Possibly Google's services could, but a significant number of people I know don't have Google accounts (or use Gmail), and the people who hate FB usually hate Google just as much. Possibly Yammer, but ditto everything (and Microsoft).
Decentralized social networks are a cool idea, but until FB starts breaking so bad that we're unable to communicate about our upcoming project, we have no reason to consider switching to anything else.
I'm using it but am fairly ambivalent.
Q: Other browser companies tell us that too many options and features confuse users, and they remove or limit functionality based on that claim. Is that true in your opinion?
A: No. [...]
https://www.ghacks.net/2018/07/25/an-interview-with-vivaldis...
It even has the flag for this account-consistency feature. Who knows if it will be enabled - would you even notice if it was?
.tar archives are often referenced as tarballs[1].
[0]https://vivaldi.com/source/
[1]https://en.wikipedia.org/wiki/Tar_(computing)
I'm surprised anyone privacy minded still gets concerned about Google as they've been pretty open about everything since the launch of gmail. They give you free stuff in exchange for ads.
Chrome must send data, even if you aren't signed in. Google has a shadow profile for you anyway, so if you use chrome, you're logging to google.
They're open about the fact that they use your data but not as to how they use it. Even if they were, they have a high motivation to abuse it further and further since that is their business model.
Besides, I don't see how being open about invading your privacy makes it not invading your privacy.
Sub out Google/gmail with Facebook and see how that reads.
Switching to Chromium.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909
https://lwn.net/Articles/648392/
https://news.ycombinator.com/item?id=9724409
I use an email app (just regular Mail on the mac) to access my Gmail. Your email is stored and synced locally so it is accessible offline, and you don't get these shenanigans. Also I use Firefox.
But let's be honest, even if you aren't logged in, and aren't using Chrome, at this point if Google is not recognizing you it is only because they are pretending not to. I'd bet they have a pretty good record of my internet activity.
next up: push for new standards that favor chrome over other browsers.
This one aims to automatically close all such popups. It doesn't "deny" permissions, but that's what content blockers such as uMatrix are for.
I use this feature heavily to separate different clients.
It's also the reason why Chrome/Chromium are now out of the question for personal use: Much to complicated to keep things separated.
I do wish -ProfileManager implied --no-remote though -- I wonder whether there's a reason it doesn't?.
EDIT: I just found `firefox -P` elsewhere in the thread. Also it seems like -ProfileManager does imply --no-remote now. Yay!
[0]: Or a shell script in my case, but a shortcut is probably more "accessible".
Though "Chrome integration" with Google is pointless at best and an awful user experience.
I made the mistake of logging in w/ Google on Chrome mobile. Resulting in all my bookmarks being synced on the phone (because of course I want my desktop bookmarks on my phone. Obviously. Thanks Google). This is a mistake I'm not doing again.
They could do this earlier too. Just needed more recources and still with lesser precision.
You guys really don't get it do you? Google is oceania, it's five eyes / cia-nato and they wanted to have a 'global identifier' to identify everyone on the planet. If they haven't already achieved it (likely they have) then it's something they're aiming for.
google is a technofascist information monopoly, and given that they've been cenosring people politically on youtube by demonetizing and deplatforming them, that should give you pause, in case your opinons 'just so happen to evolve with new information that disagrees with the reigning silicon valley biased cult of opinion called 'the establishment''
sorry I went political here, but software is becoming VERY political. Things in firefox break more and more every day, forcing you to use chrome. FF widevine support breaks all the time, oops there goes NETFLIX and HULU and AMAZON on your linux platform... this kind of thing. Google is widevine, so you better be politically aligned with google or else....no DRM check for you, no video for your customers
I think it’s safe to say google etc don’t require cookies to track you. And they’ve already mapped out any secondary gmail accounts you have. And they have your complete browser history joined from all devices they’ve stitched into your shadow profile which you can’t delete or access. Incognito mode is only good for the little spy guy graphic.
This is the 21st century - all activity is logged for future sale.
People like you really rise my blood pressure. No, it's not important to him/her, bad defaults[1] are important for everyone because they are incorrect design. The correct design is not to synchronize anything before obtaining informed consent.
[1] https://en.wikipedia.org/wiki/Dark_pattern
I completely agree about the dark pattern and I think that's a really good point that I didn't consider at all in what I said.
However, my argument regarding Chrome is that Google carries out tracking so pervasive that it basically doesn't matter any more if they throw a dark pattern like this in the mix. I am still trying to come to terms with how banal this evil has become.
May I suggest that this is a very ugly, condescending, dismissive way of talking to anyone. The phrase has no place on a forum like HN.
Perhaps your suggestion could be valid.
Since you pointed that out, what set me off primarily is similar sentiment when parent hinted that op might be arguing in bad faith with "so it comes off as a bit of a complaint for the sake of it". General dismissive attitude of HN to anything privacy related (like this thread getting downvoted) only exacerbates things further.
I used to use Firefox for work and chrome for personal stuff. My new employer uses Google's business apps so it is easiest in Chrome....but that knocks out my two browsers at once system.
Often I'll need something I saved to drive (sample code, doc, something) or bookmarked in my personal account that suddenly was relevant to work.... swapping logins is a pain....
I still have to switch back and forth and would rather keep both open.
https://support.google.com/chrome/answer/2364824
There are many things that chrome is doing that are dubious, quasi legal
one thing they could be doing is a kind of reverse beacon or barium meal beacon where they generate a unique code and steganographically insert that as an overlay into images...you won't see the difference when your webpage loads the image, but then some javascript will send that image back to a server, and there you ahve a cross site tracking mechanism. This concept has been used in browser fingerprinting, but now that has evolved with html5 with the canvas tag which generates unique ids and sends that back in order to track your browser everywhere around the internet without needing cookies or websocket sessions or any other newer session mgmt mechanism
>This is an intended behaviour if you are using the same Google Account for your Gmail and Chrome. If yes, you'll be signed out of Chrome when you signed out of Gmail account.
...
Good news is that it is possible currently to disable the feature. Doing to breaks the link between the Google Account in Chrome that is used to sync data and Google accounts on Internet sites.
Note: Google may remove experimental flags like the one described below at any time. As long as it turns up when you run the steps below it is supported.
Here is what you need to do:
1. Load chrome://flags/#account-consistency in the browser's address bar. Google Chrome should display the flag Identity consistency between browser and cookie jar at the top.
2. Set the flag to disabled with a click on the menu and selecting disabled from the context menu.
3. Restart the Chrome browser.
Chrome breaks the link between the Google account in Chrome used to sync data and Google accounts that you sign in using the browser on Google sites."
https://www.ghacks.net/2018/09/08/disable-the-sign-out-link-...
Ta-da, no more spyware.
Specially when it's Google. They are super creepy and facilitators of a future where users have zero privacy but don't have the intelligence to care about it.
To me it's obvious, to others it's not. Just look at Google usage. They are absolutely creepy.
Personally having my entire browsing history linked to my name and sent off to a company for analysis and profit is a concern, and this is a deal breaker for me. As such I will no longer be using Chrome as my default browser.
You could point out reasons why this isn't the same thing, but you'd be missing the point. I, as an individual, can't fully assess the privacy impact of every single piece of technology I use, and what seems to be a benign feature backed by a corporation I trust could be anything but.
That being the case, we need to adopt certain heuristics to help defend our privacy. Granting as few permissions as possible for applications we use, and avoiding using a single identity across all of our devices is a good way to mitigate that risk.
Are you an individual that is willing to reduce your privacy a bit for added convenience? That's perfectly fine. But the ethical thing for Google to do would be to make this an opt-in feature, rather than an opt-out. The fact that they made this browser/Google Account sync the default was no accident. They want to gather more data on their users, and know if their users were stopped and prompted to think about whether or not they actually wanted this convenience, they would have less participating users. So they've made the unethical choice, and made this an opt-out feature.
2. Google can say >99% of users "prefer" the new setting.
3. Tighten the lock-in.
Historically, the great Google products are made from scratch (or bought early) and stand by themselves. Their not-so-good products or features are the result of some elaborate corporate thinking that comes out under phrases like "Identity consistency between browser and cookie jar".
So, while they (may) think it tightens the lock-in, it (may) actually end up doing the opposite and be a disservice to everyone.
Gmail and Calendar already share the same login. Is that hurting anyone?
Even ignoring the (many) privacy implications, this causes problems for syncing across devices. Lets say I share a computer with my partner, but we have separate phones. Should I need to check which Gmail account is logged in before bookmarking something? Why can't we share a Chrome profile across those 3 devices while still maintaining separate Gmail accounts?
Suppose I and my partner want to be able to bookmark something and have it show up on both of our phones. Is there a way to do that without sharing a Gmail account? That seems like a pretty common use case to me that was pretty easy to do before Chrome tied them together.
On Firefox, that use case would be trivial. You just sign all your browsers into one account and then use the web normally like you've always done.
No, my suggestion was to create separate user accounts on the shared computer for each person--i.e., each person logs in to the computer with their own user account. That would make all of the website logins separate for each user, without anyone having to switch profiles in their browser.
However, I apparently misunderstood your problem; you don't want everything separate, you just want gmail separate while still sharing Chrome profiles. You're right that my suggestion won't solve that problem.
Why would they use the same browser logon. Sure they might use the same be, sure, they might even not use a different user account on the computer, but your are suggesting that they would use the same Google account to log into the browser yet different Google Accounts to log into Google.
That seems improbable, and likely to have unintended privacy implication that account consistency would mitigate rather than exacerbate.
The privacy implications here are in regards to stuff like Google stripping search terms off of urls from competing services. Caring about that doesn't mean you will necessarily care about hiding search history from your partner. Even with syncing passwords -- both of my parents know how to log into each other's Gmail accounts. Anecdotally, that is relatively common for older generations; sometimes they'll even ask each other to check their email if a computer isn't nearby.
If you have sync turned on in that scenario, you are going to end up with bookmarks and passwords that randomly disappear depending on who was logged into what when they were added.
And sure, you can get around that by just not using sync. The privacy implications are still worse in that situation, because you no longer have a choice not to log into Chrome. But even if you don't care about that, it still seems like a strict downgrade in functionality. You lose the ability to sync bookmarks between computers and you lose the ability to easily share logins.
The response to, "hey, you made this feature less useful!" probably shouldn't be, "well, but you won't notice if you just stop using it." It's hard to make that sound like an upgrade.
It's actually hurting me: I'd like to be able to sign into YouTube on an untrusted device without signing into Gmail at the same time.
While I'm not signed into the browser, it has lifted my Google Account profile image into the browser, so it's still doing some sort of "consistency". It's clear the browser still knows my Google Account.
Image: https://imgur.com/hrEwPqX.png (Note, I confirmed that the about:flag "Identity consistency..." is set to Disabled before/after this screenshot again.)
I continue to be thrilled that I moved back to Firefox around Quantum.